Thursday, May 2, 2013

It's Time to Encrypt Your Email

My people have no tradition of proofreading.  —Ken White

Too long; didn't read

I set out to write some simple instructions on setting up encrypted email.  Being a college teacher, I couldn't resist answering the "because" question for every step.  I also wandered into the ways one could use encrypted email and the other features available.  The article became way too long for anyone to actually use, so I've broken it up into three parts.  This is the first of the three.  The other two are:

Why Encrypt?

We've read about "hackers" and reporters breaking into people's email. The FBI is back again with a proposal that would make "wiretapping" electronic communications easier. It's probably already too easy. If you're not sure, ask David Petraeus. Current (2013) law provides very little protection for email messages and almost none for messages left on your mail provider's server for longer than 180 days.  According to the Electronic Frontier Foundation, some of the biggest providers of email (Apple, AT&T, Comcast, Verizon, and Yahoo) do not require warrants for access to "content," which appears to include email.  (2013 data.)  In the summer of 2013, we found that snooping by the NSA in particular is far more widespread than most of us had imagined.

Most of the personal email most of us write is completely innocent, things like deciding on where to go for pizza, but even innocent email can contain confidential information.  I needed the Social Security numbers of my nieces and nephew to make them beneficiaries in case of my death.  Even though those exchanges were innocent, they contained information others should not have. I have recently been reminded that anything you communicate to your lawyer should be encrypted to protect the attorney-client privilege.

As you can see, there are good reasons for keeping your email confidential.  The best one is that the contents of your email are none of their damn business, whoever "they" may be!  You can protect your personal email by encrypting it, and it's easy to do.  Read on to find one way to do it.

Following these instructions will allow you to encrypt mail that you want encrypted, and all the software you need is free.  Messages that you don't want encrypted will not be.  That's important because many of the people with whom you correspond will not have encryption set up at "their end."   Tell the ones who don't about this article!

Two Ways to Encrypt Email

Email can be encrypted using one of two standards, S/MIME or OpenPGP, which are not interoperable.  The Thunderbird email client discussed below is ready for S/MIME out of the box.  Trouble is, that requires a digital certificate for which you might have to pay.  These instructions are for OpenPGP, which is based on a "web of trust" rather than on digital certificates.  (If you have friends who use S/MIME encryption, Comodo offers free certificates with a one-year expiration period.  You can install both S/MIME and OpenPGP encryption, but you have to keep track of who uses what.)

Note for Users of MacOS

The instructions below will work for MacOS, but after I wrote this, the folks who develop GPG Tools for Mac released Version 2 of GPG Mail.  I don't have access to a Mac, so I haven't tested this personally, but a colleague with a Mac says it just snaps in and works.  If you use the Apple Mail application, you can probably just install GPG Mail instead of following my outline.  Before you start, please do read about pass phrases, key generation, and making a backup of your private key, below; that information is applicable to configuring GPG Mail.  You should actually read the whole article, and the two that follow.  If you try using GPG Mail, please leave a comment reporting your experience.  (Note added 2013-08-11.)

What We are Going to Do

These instructions are primarily for Windows users, but the software described will run on Linux and Mac OS as well.  This may seem long and complicated, but if you take it step-by-step, it'll be easy.  I recommend reading through the entire post before you start.  Here's what we're going to do:
  1. Install a "local" email client, Mozilla Thunderbird, on your computer.
  2. Install public key cryptography software, either GPG4Win or Gnu Privacy Guard, on your computer.
  3. Devise a passphrase to protect your private key.
  4. Generate your own public/private key pair.
  5. Install the Enigmail plugin.
  6. Upload your public key to a keyserver.
  7. Make a backup of your private key.
Optionally, you may want to create a revocation certificate and have your public key signed by a few other people.  There's more on that in Using Encrypted Email.

Install a Local Email Client

To start with, you will need an email client that runs on your own computer.  If you are already running Thunderbird, or perhaps Seamonkey, you're done with this step.

Otherwise, download and install Mozilla Thunderbird.  In most cases, Thunderbird can configure itself automatically with just your email address because it has a database of settings for major email providers.  If, for some reason, automatic configuration fails, you will need, from your email provider, the server addresses and port numbers to configure IMAP or POP incoming mail and SMTP outgoing mail.  These should be available from your email provider's support site.  For example, the settings for Google's Gmail are imap.googlemail.com, port 993, and smtp.googlemail.com, port 465.  You will also need to know the connection type, which will often be SSL/TLS.

Install GPG4Win or Gnu Privacy Guard

Windows users, download and install GPG4Win.  Linux users should install Gnu Privacy Guard, and Mac OS users should install GPG Tools.

Part of setting up this software involves generating a public and private key for yourself.  Be sure you've read the next sections before you do that.

Devise a Passphrase

It is important that you keep your private key private.  You will use a "password" for that.  Your encryption is no stronger than this word or phrase. Please don't use any of the top 10,000 passwords.  I recommend using a phrase you will remember, something like, "My best times are those I spend at the beach."  That is very easy to remember, but it would be difficult even for someone who knows me well to guess it.  The phrase should be more than a couple of dozen letters to foil automatic guessing, but you are going to have to type this phrase every time you encrypt or decrypt a message, so don't write a book!

The people who write password cracking software are onto the rules of grammar.  For a little more strength, rephrase as Yoda-speak: "Those I spend at the beach my best times are."

For the strongest passphrase, generate it with Diceware.  If you want to experiment with Diceware, I have a set of electronic dice.  Get some real dice to generate your actual passphrase if you choose this method.

If you forget your passphrase, you're toast.  Write it on a slip of paper and put it in a book you use infrequently. When (if ever) you are absolutely sure you have it memorized, tear that slip of paper into tiny pieces and flush them.

Generate a Key Pair

Once you've settled on a passphrase, you are ready to generate your public and private keys.  For Windows, you do this with Kleopatra, which is part of GPG4Win.  For reasons that don't need to be explained here, Kleopatra, and possibly some of the other software, talks about "certificates" in reference to public and private keys.  In Kleopatra, choose File → New Certificate.  Generate an OpenPGP key.  Make the key length at least 2,048 bits. You set the key length using the "Advanced Settings" button after you've started to generate an OpenPGP key.  Choosing the maximum size, currently 4,096 bits for GPG4Win and GPG Tools, is good.

Install the Enigmail Plugin

Download and install the Enigmail plugin for Thunderbird.  Enigmail is the "glue" that connects the encryption software to Thunderbird.  It adds toolbars for encrypting and decrypting email.  You'll need to pick your operating system platform and the version of Thunderbird you're using.  You can find the Thunderbird version through Help → About.

Upload Your Public Key to a Keyserver

To make your public key as public as possible, upload it to a keyserver.  The keyservers talk to each other, so uploading to one of them is generally enough. Use Settings → Configure Kleopatra → Directory Services and click Add to add a keyserver.  The default is keys.gnupg.net, and accepting the default is generally all you need to do.  Once a keyserver has been configured, choose File → Export Certificates to Server.  Ignore (for now) the warning about creating a revocation certificate.

Make a Backup of Your Private Key

Earlier I wrote that if you forget your passphrase, you're toast.  The same thing is true if you lose your private key.  If you've followed these instructions, your private key is stored on your computer.  A disk crash or a new computer might mean you can no longer decrypt mail that others send to you.  To prevent that, make a backup of your private key now and any time you make a change.

To do that with Kleopatra, select your own certificate (key) and select File → Export Private Certificate.  (Some versions say Export Secret Keys.)  Provide a file name, like bbrown_private_key, and do not check ASCII Armored.  Copy the backup to a flash drive or burn it to CD and guard it carefully; it is not protected by your passphrase.

Exporting your private key also exports your public key.  If you ever need the backup, you will be able to import it with Kleopatra.
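
For Linux and Mac OS users working in a terminal, the key generation, keyserver upload and private-key backup steps above map onto the gpg command line.  The script below is an added example, not part of the original post; it assumes GnuPG 2.1 or later, and the function names and the backup file name are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): gpg equivalents of the Kleopatra steps.
# Assumes GnuPG 2.1+; the backup file name below is a placeholder.
KEYSERVER="${KEYSERVER:-keys.gnupg.net}"   # default named in the post; override as needed

# Write batch key-generation parameters for an RSA OpenPGP key to stdout.
# Rejects lengths under the post's 2,048-bit minimum; defaults to 4,096.
keygen_params() {
    kp_bits="${3:-4096}"
    case "$kp_bits" in
        ''|*[!0-9]*) echo "key length must be a number" >&2; return 2 ;;
    esac
    if [ "$kp_bits" -lt 2048 ]; then
        echo "key length $kp_bits is below 2048 bits" >&2; return 1
    fi
    printf '%s\n' "Key-Type: RSA" "Key-Length: $kp_bits" "Key-Usage: sign" \
        "Subkey-Type: RSA" "Subkey-Length: $kp_bits" "Subkey-Usage: encrypt" \
        "Name-Real: $1" "Name-Email: $2" "Expire-Date: 0" "%commit"
}

# Generate the key pair. No Passphrase line is written, so gpg prompts through
# pinentry and the passphrase never lands in a file or in shell history.
make_key() {
    mk_params=$(keygen_params "$1" "$2" "${3:-4096}") || return
    printf '%s\n' "$mk_params" | gpg --batch --generate-key
}

# Print the primary-key fingerprint for an email address.
fingerprint_of() {
    gpg --list-keys --with-colons "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Upload the public key to the keyserver.
publish_key() {
    gpg --keyserver "$KEYSERVER" --send-keys "$1"
}

# Back up the private key in binary form (no --armor), readable only by you.
backup_key() {
    ( umask 077; gpg --output "$2" --export-secret-keys "$1" )
}

# Usage: sh setup_key.sh "Your Name" you@example.org
if [ "$#" -eq 2 ]; then
    make_key "$1" "$2" && fpr=$(fingerprint_of "$2") &&
        publish_key "$fpr" && backup_key "$fpr" "private_key_backup.gpg"
fi
```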

What About Web Mail, Tablets, Smart Phones?

To be secure, encryption and decryption necessarily have to take place on the "end device," your computer, tablet, or phone.  If it happened at your email provider's server, your email provider would have to have your key.  If they have your key, they can divulge the contents of your email, perhaps accidentally or perhaps under a secret court order.

If you are using a web mail client, it will still work, but you won't be able to send or read encrypted mail. The post on Using Encrypted Email includes a brief discussion of Thunderbird Portable Edition, which will let you use encryption with others' computers.

For phones and tablets, there is software for Android that will let you use encryption, and software for iOS that will allow reading, but not creating, encrypted messages. A new iOS app seems to provide full encryption and decryption.  I've successfully installed APG and K-9 on my Android tablet and can send and receive encrypted mail.  I'll try to write some instructions presently.

About Your Work Email

Even if you work for a very permissive organization, they probably wouldn't appreciate your adding encryption to your work email.  Beyond that, free email accounts are readily available for personal use.  Mixing personal and work email can cause you serious problems.  For some examples, search on "fired because of email."

Some Terminology

These definitions may help you navigate the documentation of the programs with which you will be working.
OpenPGP
OpenPGP is a standard describing a mechanism for both encrypting and digitally signing files. Those files may be email messages or a "plain" data file. There is no "OpenPGP" program; two programs that implement the OpenPGP standard are described below.
PGP
PGP was a company, since acquired by Symantec, and also the name of that company's products. The PGP products implement the OpenPGP standard. They're commercial products; they cost money. People pay Symantec money to get technical support, regular product upgrades, etc. If you are installing encryption for a company, and not for personal use, consider the Symantec products or those offered by other companies.  There was a free version of PGP, but it is now very out of date and should not be used.
GnuPG
GnuPG, also called Gnu Privacy Guard or GPG, is a free and open-source implementation of OpenPGP. As with other free software, support consists only of forums, mailing lists, and web articles. Upgrades and fixes are contributed by a dedicated group of volunteers.
Certificate
GnuPG refers to your public key and those of others as certificates because that's what they are. What's produced is a public key with a digital signature signed with the corresponding private key. That's a self-signed digital certificate. While it doesn't provide any assurance of correct binding to an identity, it does provide protection against tampering.

Ready for More Information? 

Now that you have encryption set up, read Using Encrypted Email.  For an overview of how this all works, try A Little About Encryption.

Did You Do This?

Every encrypted message is a tiny protest against the government's massive surveillance apparatus.  Please encourage others by leaving a comment below.  It can be as short as "I did it!" or as long as a description of your experience, but you really will help others.  Please spread the word by sharing this post.  Linking is easiest and lets me make updates, but the Creative Commons license lets you copy the entire post, too.

Copyright © 2013 by Bob Brown 
It's Time to Encrypt Your Email by Bob Brown is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.

The quotation by Ken White is used by permission.